Red Hat Training
A Red Hat training course is available for Red Hat Satellite
User Guide
Using and administering Red Hat Satellite
Edition 1
John Ha
Lana Brindley
Daniel Macpherson
Athene Chan
David O'Brien
Megan Lewis
Abstract
Preface
Chapter 1. Managing User Accounts, Groups, and Systems
1.1. Managing User Accounts
1.1.1. Creating and Deleting User Accounts
Before Satellite users can register with the Satellite server to request product updates or to perform other maintenance, they need a suitable user account. Only certain Satellite Administrators
can create user accounts.
Procedure 1.1. Creating User Accounts
- Navigate to the Satellite web server page, and click the Users tab on the navigation bar.
- On the right side of the page, click create new user to open the Create User page.
- Complete all of the required fields.
Note
The login value must be at least five characters long, and may only contain alphanumeric, hyphen, underscore, comma, period, and commercial at (@) characters. - Click Create Login to create the new user. An email will be sent to the user, using the address specified during creation, to inform them of the new account details. This will include the password in plain text.
- When the account has been successfully created, you will be redirected to the User List page. To change permissions and set options for the new user, select their name from the displayed list to display the User Details page, and navigate to the appropriate tabs to make your changes.
Only Satellite Administrators
can delete user accounts. Deleted accounts cannot be used to log in to the Satellite server interface, or to schedule actions.
Warning
Procedure 1.2. Deleting User Accounts
- Navigate to the Satellite web server page, and click the Users tab on the navigation bar.
- Click the user name of the account that you want to delete from the Username list. The User Details page displays.
- Ensure that the user account is not a Satellite administrator.If the user is a Satellite administrator, clear the associated check box, and click Submit.If the user is not a Satellite administrator, continue to the next step.
- Click Delete User. The Confirm User Deletion page displays.
- Ensure that you want to completely delete this user account, and click Delete User.
Procedure 1.3. Activating and Deactivating Users
Note
- Select the user's name from the list in the Users tab, to display the User Details page.
- Check to see if the user is a Satellite administrator.If the user is a Satellite administrator, uncheck the box next to that role, and click Submit.If the user is not a Satellite administrator, continue to the next step.
- Click Deactivate User.You will be asked to confirm this action, by clicking it again. Check the details, and then click Deactivate User again to confirm.
- Once the account has been successfully deactivated, the user's name will not appear in the Active Users list. Click the Deactivated link from the User List menu to view deactivated user accounts.
- To reactivate the user account, view the Deactivated list, check the box next to the user to be reactivate, and click Reactivate.
1.1.2. Assigning Roles to User Accounts
User Roles
- Satellite Administrator
- A special role for Satellite administrative tasks such as creating organizations, managing subscriptions, and configuring global Satellite Server settings.This role cannot be assigned on the User Details page. A user that already has the Satellite Server administrator role can assign the role to another user by going to Admin → Users.
- Organization Administrator
- Performs management functions such as managing users, systems, and channels within the context of their organization. Organization administrators are automatically granted administration access to all other roles, which are signified by the checkboxes for the other roles being selected and grayed-out.
- Activation Key Administrator
- Performs activation key functions for such as creating, modifying, and deleting keys within the account.
- Channel Administrator
- Provides complete access to the software channels and related associations within the organization. Performs functions such as making channels globally subscribable, and creating new channels, and managing the packages within channels.
- Configuration Administrator
- Has complete access to the configuration channels and related associations within the organization. Also has complete access to the kickstart profiles and associated items within the organization. Performs kickstart profile, channel and file management configuration functions in the organization.
- Monitoring Administrator
- Performs scheduling of probes and oversight of other monitoring infrastructure. This role is available only on Satellite Servers with monitoring enabled.
- System Group Administrator
- This role has complete authority over the systems and system groups to which it is granted access. Performs administrative functions such as creating new system groups, deleting assigned system groups, adding systems to groups, and managing user access to groups.
Chapter 2. Automatically Synchronizing the Red Hat Satellite Server Repository
cron
utility to effectively automate synchronization.
Procedure 2.1. To Use the cron Utility to Automate Synchronization:
- Switch to the root user, and run the following command to open the
crontab
in a text editor:# crontab -e
- Create a suitable job definition to schedule the synchronization. To create a random synchronization time, use the following entry:
0 1 * * * perl -le 'sleep rand 9000' && satellite-sync --email >/dev/null 2>1
This entry runs the synchronization job randomly between 01:00 and 03:30, and discardsstdout
andstderr
messages from thecron
utility. This prevents duplicating messages from thesatellite-sync
command. Other options can be included as needed. See thecrontab
manual pageman crontab
for more information. - Exit the text editor to save the updated
crontab
file. The new rules take effect immediately.
Note
crontab
file opens in vi by default. To change this behavior, change the EDITOR
variable to the name of the text editor you prefer.
Chapter 3. Planning for Disaster Recovery
3.1. Backing up a Red Hat Satellite Server
Red Hat recommends that you back up at least the following files and directories:
/var/lib/pgsql/
: Embedded database only./etc/sysconfig/rhn/
/etc/rhn/
/etc/sudoers
/var/www/html/pub/
/var/satellite/redhat/[0-9]*/
(This is the location of any custom RPMs)/root/.gnupg/
/root/ssl-build/
/etc/dhcp.conf
/etc/httpd
/tftpboot/
/var/lib/cobbler/
/var/lib/rhn/kickstarts/
/var/www/cobbler
/var/lib/nocpulse/
/var/satellite/
as well. In case of failure, this will save lengthy download times. The /var/satellite/
directory (specifically /var/satellite/redhat/NULL/
) is primarily a duplicate of Red Hat's RPM repository, and can be regenerated using the satellite-sync
command. Red Hat recommends that the entire /var/satellite/
tree be backed up. In the case of disconnected satellites, /var/satellite/
must be backed up.
- Reinstall the Red Hat Satellite ISO RPMs.
- Reregister the server.
- Use the
satellite-sync
command to resynchronize Red Hat packages. - Reinstall the
/root/ssl-build/rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm
file.
Another method is to back up all of the files and directories mentioned above but reinstall the Satellite server without reregistering it. During the installation, cancel or skip the Red Hat Network registration and SSL certificate generation sections.
The final and most comprehensive method is to back up the entire machine. This saves download and reinstallation time but requires additional disk space and back-up time.
Important
rhn-search
service is started:
# service rhn-search cleanindex
3.2. Backing up an Embedded Database
db-control
command provides features to create, verify, and restore backups, to obtain database status information and to restart the database when necessary. See the db-control
manual page (man db-control
) for a full listing of the features available.
3.2.1. Performing Online Database Backups
db-control
command make this functionality possible.
db-control
command:
online-backup FILENAME:
Performs an online backup of the Satellite database (embedded PostgreSQL only).reset-password:
Resets the user password and unlocks the account.restore DIRECTORY | FILENAME:
Restores the database from either:- An offline backup taken by
db-control
and saved in the DIRECTORY directory. The database must be stopped for both thebackup
backup
andrestore
operations in order to run successfully. - An online backup taken by
db-control
and saved as FILENAME. The database itself must be running for both theonline-backup
online-backup
andrestore
operations in order to run successfully, but all other Satellite services must be stopped.
3.2.1.1. Performing an Online Backup
FILENAME
option with the full path to the backup file that you want to create. This location needs to be writable by the PostgreSQL user:
# db-control online-backup
FILENAME
Note
3.2.1.2. Restoring a Database from an Online Backup
db-control restore
FILENAME
command to restore an embedded database from a backup created using the db-control online-backup
command. Before you restore a database, you need to shut down all Satellite services except the database itself.
Procedure 3.1. To Restore a Database from an Online Backup:
- Change to the root user, and run the following command to stop all Satellite services except the database:
# rhn-satellite
stop
--exclude=postgresql
- Run the following command to restore the database. Replace the
FILENAME
option with the full path to the backup file created with thedb-control
command:online-backup
# db-control
restore
FILENAME
- After the restoration is complete, run the following command to restart the database and all related services:
# rhn-satellite
start
3.2.2. Performing Offline Database Backups
3.2.2.1. Performing an Offline Backup
Procedure 3.2. To Create an Offline Backup:
- Change to the root user, and run the following command to stop the Satellite server:
# rhn-satellite stop
- Run the following command to create the backup:
# db-control
backup DIRECTORY
Replace DIRECTORY with the absolute path to the location where you want to store your database backup. This process will take several minutes. - When the backup is complete, run the following command to restart the Satellite server:
# rhn-satellite start
- Copy the backup to another system using rsync or another file-transfer utility. Red Hat strongly recommends scheduling the backup process automatically using cron jobs. For instance, back up the system at 03:00 and then copy the backup to the separate repository (partition, disk, or system) at 06:00.
3.2.2.2. Verifying the Backup
# db-control examine
DIRECTORY
# db-control verify
DIRECTORY
Note
3.2.2.3. Restoring the Database
db-control restore
command to restore embedded databases from backup. Before you attempt to restore a database, you need to shut down the database and any related services.
Procedure 3.3. To Restore an Embedded Database from a Backup:
- Run the following command to stop all of the Red Hat Satellite services:
# rhn-satellite
stop
- Run the following command, including the directory containing the backup, to begin the restoration. Ensure that you replace directory with the absolute path to the location that contains the backup. This process will verify the contents of the backup before restoring the database. The process will take several minutes.
# db-control
restore directory
This not only restores the embedded database but first verifies the contents of the backup directory using checksums. - After the restoration is complete, restart the database and related services:
# rhn-satellite
start
- Regardless of whether you are backing up an external or embedded database, when the database is restored from a backup, you should schedule the restoration of search indexes the next time the
rhn-search
service is started:# service rhn-search
cleanindex
3.3. Cloning a Red Hat Satellite with an Embedded Database
Procedure 3.4. To Clone a Satellite Server with an Embedded Database:
- Install Red Hat Satellite with an embedded database on a base install of Red Hat Enterprise Linux on a separate machine. That is, a machine separate from your primary Red Hat Satellite server. Omit the SSL Certificate generation step.
- Back up the primary server's database daily using the commands described in Section 3.2.2.1, “Performing an Offline Backup”. This ensures that only changes made the day of the failure are lost.
- Establish a mechanism to copy the backup to the secondary server. Keep these repositories synchronized using a file transfer program such as rsync. Copying is not necessary if using a Storage Area Network (SAN).
- Use the
db-control
command to import duplicate data.restore
- If the primary server fails, transfer the SSL key pair RPM package in
/root/ssl-build
from the primary to the secondary server, and install that package. This ensures that Red Hat Satellite clients can authenticate with and securely connect to the secondary server. - Update your DNS to reference the secondary server, or configure your load balancer appropriately.
3.4. Creating Redundant Satellites with External Databases
Important
Procedure 3.5. To Create a Redundant Satellite with an External Database:
- Install Red Hat Satellite on a separate machine, but omit the database configuration, database schema, SSL certificate, and bootstrap script generation steps. Include the same Red Hat Network account and database connection information provided during the initial Satellite installation.
- Register the new Satellite server. See the Red Hat Satellite Installation Guide for more information.
- If your original SSL certificate does not take your high-availability solution into account, create a new one with a more appropriate
Common Name
value (see The SSL Maintenance Tool in the Red Hat Satellite Client Configuration Guide). In this case, generate a new bootstrap script (as defined in Generating Bootstrap Scripts in the Red Hat Satellite Client Configuration Guide) that captures this new value. Ensure theCommon Name
value represents the combined Satellite solution, not a single machine's host name. - After installation, copy the following files from the primary server to the secondary:
/etc/rhn/rhn.conf
/etc/tnsnames.ora
(Oracle database only.)
- Copy the server-side SSL certificate RPMs from the primary server and install them on the secondary server.If, during the installation process, you generated a new SSL certificate that included a new Common Name value, copy the SSL certificate RPMs from the secondary to the primary server and redistribute the client-side certificate. If you also created another bootstrap script, use it to install the certificate on all client systems.
- If you created a new bootstrap script, copy the contents of
/var/www/html/pub/bootstrap/
to the primary server. - If you did not create a new bootstrap script, copy the contents of
/var/www/html/pub/bootstrap/
from the primary server to the secondary server.
- Run the following command on the secondary server to stop the Red Hat Network Task Engine service:
# service taskomatic stop
You can use custom scripting or other means to establish automatic start-up/failover of the Red Hat Network Task Engine on the secondary server. Regardless, you need to ensure that it starts in the event of a failure. - Share channel package data (by default located in
/var/satellite
) and cache data (by default located in/var/cache/rhn
) between the primary and secondary servers over some type of networked storage device. This eliminates data replication and ensures a consistent store of data for each server. - Make the various servers available on your network using a suitable Common Name and a method that suits your infrastructure. Options include round-robin DNS, a network load balancer, and a reverse-proxy setup.
3.5. Automating Satellite Database Backups
cron
.
Procedure 3.6. To Automate Satellite Server Database Backups:
backup-db.sh
containing the following script. This script will stop the satellite, perform a database backup, and restart the satellite:
#!/bin/bash { /usr/sbin/rhn-satellite stop d=db-backup-$(date "+%F"); mkdir -p /tmp/$d; db-control backup /tmp/$d /usr/sbin/rhn-satellite start } &> /dev/null
- Create a new file called
move-files.sh
containing the following script. This script will usersync
to move the backup files to a directory to be stored:#!/bin/bash rsync -avz /tmp/db-backup-$(date "+%F") <destination> &> /dev/null
Replace <destination> with the path to the backup directory.Alternatively, use the following script to achieve the same goal:#!/bin/bash scp -r /tmp/db-backup-$(date "+%F") <destination> &> /dev/null
- Switch to the root user, and open the
crontab
file in a text editor:# crontab -e
Note
Thecrontab
file opens in vi by default. To change this behavior, change theEDITOR
variable to the name of the text editor you prefer. - Create a suitable job definition to schedule the backup scripts to run:
0 3 * * * backup-db.sh 0 6 * * * move-files.sh
Thiscrontab
entry will run the backup at 03:00, and transfer the backup files at 06:00. Other options can be included as needed. You can also include a clean up script to remove older backup directories and prevent the backup storage from filling up. - Exit the editor to save the
crontab
file. The new rules take effect immediately.
Chapter 4. Cloning Software Channels and Errata
spacewalk-clone-by-date
command to create custom cloned Red Hat Enterprise Linux channels based on the date an erratum was made available to the Red Hat Enterprise Linux system.
4.1. Features
spacewalk-clone-by-date
:
- Cloning the channel errata and associated package states as they were on a specific date
- Automating the cloning by scripts and template files
- Removing or blocking packages from channels
- Resolving package dependencies within the parent and child channels
- Filtering and acting on specific errata while ignoring others. For example, acting only on security errata and ignoring bugfixes and enhancements.
Note
spacewalk-clone-by-date
command as the root user and the username
needs to be either an Organizational Administrator or Channel Administrator.
4.2. Example Usage
rhel-i386-server-5
channel errata as it is on January 1st, 2012, into the channel named my-clone-RHEL-5.
# spacewalk-clone-by-date --username=your_username --password=your_password --server=satellite_server_url --channels=rhel-i386-server-5 my-clone-RHEL-5 --to_date=2012-01-01
Important
# spacewalk-clone-by-date --username=your_username --password=your_password --server=satellite_server_url --channels=rhel-i386-server-5 my-clone-RHEL-5 --to_date=2012-01-01 --security_only --background --blacklist=kernel,vim-extended --assumeyes
spacewalk-clone-by-date
for more information about the available options and how to use them.
Chapter 5. Monitoring
5.1. Monitoring Tablespaces
db-control report
command as the root
user.
db-control tablesizes
command as the root
user.
5.2. Monitoring Red Hat Satellite Server Processes
rhn-satellite status
command to verify that all services related to the Satellite Server are running:
# rhn-satellite status
Chapter 6. Maintaining System Security Using OpenSCAP
6.1. OpenSCAP Features
6.2. OpenSCAP Prerequisites
- A tool to verify that a system conforms to a standard.Satellite Server 5.5 and later use OpenSCAP as an auditing feature. This allows you to use the web interface to schedule and view compliance scans for any system.
- SCAP content.You can generate your own SCAP content if you have an understanding of at least XCCDF or OVAL. XCCDF content is also frequently published online under open source licenses, and you can customize this content to suit your needs instead.
Note
Red Hat supports the use of templates to evaluate your systems. However, custom content authoring of these templates is not supported.Some examples of bodies that publish XCCDF content are:- The United States Government Configuration Baseline (USGCB): Official SCAP content for desktops within federal agencies that has been developed at NIST in collaboration with Red Hat, Inc. and the United States Department of Defense (DoD) using OVAL.
- Community-provided content:
- SCAP Security Guide: Active community-run content that sources from the USGCB requirements and widely-accepted policies and contains profiles for desktop, server, and FTP server. Suitable for Red Hat Enterprise Linux 6 and JBoss Enterprise Application Server 5.
- OpenSCAP Content for Red Hat Enterprise Linux 6: The openscap-content package from the Red Hat Enterprise Linux 6 Optional Channel also provides default content guidance by means of a template.
6.3. Red Hat Satellite Prerequisites for Using OpenSCAP
- Satellite Server: Satellite 5.5 or later.
- Satellite Client: spacewalk-oscap package (available from the Red Hat Network Tools Child Channel).
A Management entitlement is required for scheduling scans.
Satellite Client: Distribution of the XCCDF content to all client machines.
- Traditional methods, such as CD, USB, NFS, SCP, FTP.
- Satellite scripts.
- RPM packages.Custom RPMs are the recommended way to distribute SCAP content to other machines. RPM packages can be signed and verified to ensure their integrity. Installation, removal, and verification of RPM packages can be managed from the user interface.
6.4. Performing Audit Scans
6.4.1. Using the Web Interface to Perform Audit Scans
Procedure 6.1. To Perform an Audit Scan Using the Web Interface:
- Log in to the Satellite web interface.
- Click Systems → system_name.
- Click Audit → Schedule.
- Complete the
Schedule New XCCDF Scan
page. See Section 6.5.2.3, “Schedule Page” for information about the fields on this page.Warning
The XCCDF content is validated before it is run on the remote system. Specifying invalid command-line arguments can causespacewalk-oscap
to fail to validate or run. Due to security concerns theoscap xccdf eval
command only accepts a limited set of parameters.
Note
rhn_check
command to ensure that the action is being picked up by the client system.
# rhn_check -vv
rhnsd
or osad
are running on the client system, the action will be picked up by these services. To check if they are running, run one of the following commands:
# service rhnsd start
OR# service osad start
6.4.2. Using the API to Perform Audit Scans
Procedure 6.2. To Perform an Audit Scan Using the API:
- Choose an existing script or create a script for scheduling a system scan through
system.scap.scheduleXccdfScan
, the front-end API, for example:#!/usr/bin/python client = xmlrpclib.Server('https://satellite.example.com/rpc/api') key = client.auth.login('username', 'password') client.system.scap.scheduleXccdfScan(key, 1000010001, '/usr/local/share/scap/usgcb-rhel5desktop-xccdf.xml', '--profile united_states_government_configuration_baseline')
Where:- 1000010001 is the
system ID (sid)
. /usr/local/share/scap/usgcb-rhel5desktop-xccdf.xml
is the path to the content location on the client system. In this case, it assumes USGCB content in the/usr/local/share/scap
directory.--profile united_states_government_configuration_baseline
is an additional argument to theoscap
command. In this case, it is using the USGCB.
- Run the script on the command-line interface of any system. The system needs the appropriate Python and XML-RPC libraries installed.
Note
rhn_check
command to ensure that the action is being picked up by the client system.
# rhn_check -vv
rhnsd
or osad
are running on the client system, the action will be picked up by these services. To check if they are running, run one of the following commands:
# service rhnsd start
OR# service osad start
6.4.3. Viewing the Results of SCAP Audits
- Using the web interface. After the scan has finished, the results are available on the Audit page of specific system. See Section 6.5, “OpenSCAP Satellite Web Interface”.
- Using the API functions in handler
system.scap
. - Using the
spacewalk-report
command, as follows:# spacewalk-report system-history-scap
# spacewalk-report scap-scan
# spacewalk-report scap-scan-results
6.5. OpenSCAP Satellite Web Interface
6.5.1. OpenSCAP Scans Page
6.5.1.1. All Scans
- System: the system that was scanned.
- XCCDF Profile: the evaluated profile.
- Completed: the time the scan was completed.
- Satisfied: the number of rules that were satisfied. A rule is considered to be Satisfied if the result of the evaluation is either Pass or Fixed.
- Dissatisfied: the number of rules that were not satisfied. A rule is considered to be Dissatisfied if the result of the evaluation is Fail.
- Unknown: the number of rules that failed to evaluate. A rule is considered to be Unknown if the result of the evaluation is Error, Unknown or Not Checked.
6.5.1.2. XCCDF Diff
diff
output of similar scans. Alternatively, or you can specify the ID of arbitrary scans.
6.5.1.3. Advanced Search
- Rule results.
- Targeted machine.
- Time frame of the scan.
6.5.2. Systems Audit Page
Security Content Automation Protocol (SCAP).
Before you scan a system, ensure that the SCAP content is prepared and all prerequisites are met.
6.5.2.1. List Scans
Table 6.1. OpenSCAP Scan Labels
Column Label | Definition |
---|---|
XCCDF Test Result | The scan test result name. This is also a link to the detailed results of the scan. |
Completed | The exact time the scan finished. |
Compliance | The unweighted pass:fail ratio of compliance based on the standard that was used. |
P | The number of checks that passed. |
F | The number of checks that failed. |
E | The number of errors that occurred during the scan. |
U | Unknown |
N | Not applicable to the machine. |
K | Not checked. |
S | Not selected. |
I | Informational |
X | Fixed |
Total | Total number of checks. |
- No difference between the compared scans.
- Arbitrary differences between the compared scans.
- Major differences between the compared scans. Either there are more failures than the previous scan or less passes.
- No comparable scan was found, and therefore no comparison was made.
6.5.2.2. Scan Details
This section displays various details about the scan, including:
File System Path:
The path to the XCCDF file used for the scan.Command-line Arguments:
Any additional command-line arguments that were used.Profile Identifier:
The profile identifier used for the scan.Profile Title:
The title of the profile used for the scan.Scan's Error output:
Any errors encountered during the scan.
The rule results provide the full list of XCCDF rule identifiers, identifying tags, and the result for each of these rule checks. This list can be filtered by a specific result.
6.5.2.3. Schedule Page
- Command-line Arguments: Optional arguments to the
oscap
command, either:--profile PROFILE
: Specifies a particular profile from the XCCDF document.Profiles are determined by theProfile
tag in the XCCDF XML file. Use theoscap
command to see a list of profiles within a given XCCDF file, for example:$ oscap info /usr/share/openscap/scap-rhel6-xccdf.xml Document type: XCCDF Checklist Checklist version: 1.1 Status: draft Generated: 2011-10-12 Imported: 2012-11-15T22:10:41 Resolved: false Profiles: RHEL6-Default
If not specified, the default profile is used.Note
Some early versions of OpenSCAP in Red Hat Enterprise Linux 5 require that you use the--profile
option or the scan will fail.--skip-valid
: Do not validate input and output files. You can use this option to bypass the file validation process if you do not have well-formed XCCDF content.
- Path to XCCDF Document: This is a required field. The
path
parameter points to the XCCDF content location on the client system. For example:/usr/local/scap/dist_rhel6_scap-rhel6-oval.xml
Warning
The XCCDF content is validated before it is run on the remote system. Specifying invalid arguments can causespacewalk-oscap
to fail to validate or run. Due to security concerns, theoscap xccdf eval
command only accepts a limited set of parameters.
Chapter 7. Reporting Client Software Failures
7.1. Viewing Software Failures for a Single Client
Procedure 7.1. To view software failures for a single client
- Log into your Red Hat Satellite Web UI.
- Click Systems → system_name → Software → Software Crashes to see the list of software failures that occurred on the registered system.
- Click the required failure to see its details and the files captured for this software failure report.
7.2. Grouping Similar Software Failures
Procedure 7.2. To view similar software failures across clients
- Log into your Red Hat Satellite Web UI.
- Click Systems → Software Crashes to see a list of all software failures across all registered systems.
- Click the on a Crash UUID to see the systems affected by the software failure.
- Click on a specific system to see details and the files captured for the individual software failure report.
7.3. Changing Organization-wide Settings for Software Failure Reports
Procedure 7.3. To change the organization-wide settings for software failures
- In the Satellite Web UI, click Admin → <organization_name> → Configuration.
- Modify the desired organization-wide and upload size settings, then click Update Organization to save.
7.4. Log Files of Software Failures
/var/satellite/systems/$org_id/$system_id/crashes/$crash_name/
directory.
Chapter 8. Generating Red Hat Satellite Reports
channel-packages
- Packages in channelschannels
- Channel reportcustom-info
- Display system custom infoentitlements
- Entitlement and channel list and usageerrata-channels
- List of errata in channelserrata-list
- Errata information based upon compliance checks against systemserrata-list-all
- List of all errataserrata-systems
- Listing of each errata applicable to each affected systeminactive-systems
- Inactive systems in Satelliteinventory
- Inventory reportkickstartable-trees
- List of kickstartable treespackages-updates-all
- List of packages that can be upgradedpackages-updates-newest
- List of packages that can be upgradedscap-scan
- Results of OpenSCAP xccdf evaluationscap-scan-results
- Results of OpenSCAP xccdf evaluationsystem-crash-count
- Crash count for systemssystem-crash-details
- Crash details for systemssystem-currency
- System currency listsystem-groups
- System groups in Satellitesystem-groups-keys
- Activation keys for system groupssystem-groups-systems
- Systems in system groupssystem-groups-users
- System groups users reportsystem-history
- System event historysystem-history-channels
- Channel event historysystem-history-configuration
- Configuration event historysystem-history-entitlements
- System entitlement event historysystem-history-errata
- Errata event historysystem-history-kickstart
- Kickstart event historysystem-history-packages
- Package event historysystem-history-scap
- OpenSCAP event historysystem-packages-installed
- Packages installed on systemsusers
- Users in the systemusers-systems
- Systems administered by individual users
spacewalk-report
command as follows:
# spacewalk-report report-name
spacewalk-report
command with the -h
option.
Chapter 9. Scheduling Red Hat Satellite Administrative Tasks
taskomatic
service. These operations are segregated into individual tasks and grouped logically into a bunch that is defined by schedules. You can modify these schedules to execute at specific time intervals. Satellite schedules are used to:
- Remove the administrative burden from the organizational administrator by automating tasks.
- Schedule operational tasks for time frames that will not tax the organization's daily network traffic.
Table 9.1. Default Schedules in Red Hat Satellite 5.6
Schedule Name | Bunch Name | Bunch Function |
---|---|---|
channel-repodata-default | channel-repodata-bunch | Generates channel repository data. |
cleanup-data-default | cleanup-data-bunch | Cleans up orphaned and outdated data. |
clear-taskologs-default | clear-taskologs-bunch | Clears taskomatic run log history. |
cobbler-sync-default | cobbler-sync-bunch | Applies any cobbler configuration changes. |
compare-configs-default | compare-configs-bunch | Schedules a comparison of configuration files on all systems. |
daily-status-queue | daily-status-bunch | Sends daily report. |
errata-cache-default | errata-cache-bunch | Recalculates errata cache for a given server or channel. |
errata-queue-default | errata-queue-bunch | Processes errata. |
kickstart-cleanup-default | kickstart-cleanup-bunch | Cleans up stale kickstart files. |
kickstartfile-sync-default | kickstartfile-sync-bunch | Synchronizes kickstart profiles that were generated using the wizard. |
package-cleanup-default | package-cleanup-bunch | Cleans up orphaned packages. |
sandbox-cleanup-default | sandbox-cleanup-bunch | Cleans up sandbox. |
satcert-check-default | satcert-check-bunch | Determines expiration status of Satellite certificate. |
session-cleanup-default | session-cleanup-bunch | Deletes expired rows from the PXTSessions table to prevent it from growing too large. |
sync-probe-default | sync-probe-bunch | Synchronizes probe state. |
9.1. Scheduling a Run
Procedure 9.1. Creating a Schedule Template
- Log in to Satellite as the Organization Administrator.
- Click Admin → Task Schedules → Create Schedule.
- Complete the following fields:
- Schedule Name: must begin with a letter and contain only lowercase characters, hyphens, periods, underscores, or numerals.
- Bunch: the default bunch of administrative tasks the administrator can choose from.
- FrequencyThe following frequency options are available:
- Disable Schedule: only recommended for administrators who have advanced knowledge of the scheduled tasks and their consequences. Disabling schedules can change Satellite behavior.
- Daily: creates a daily schedule for a specific time of day.
- Weekly: creates a weekly schedule for a specific day and time of day.
- Monthly: creates a monthly schedule for a specific day and time of day.
- Custom Quartz Format: this format relies on cron expressions to define the schedule. For more information about this format, see the crontab man page (
man 5 crontab
.)
- Click Create Schedule.
Procedure 9.2. Editing Schedule Templates
- Log in to Satellite as the Organization Administrator.
- Click Admin → Task Schedules.
- Click the schedule that you want to modify.
- Change the Frequency type as required.
- Click Edit Schedule.
Appendix A. Revision History
Revision History | |||||||||
---|---|---|---|---|---|---|---|---|---|
Revision 3-20.402 | Thu Aug 20 2015 | Dan Macpherson | |||||||
| |||||||||
Revision 3-20.401 | Tue Mar 17 2015 | Dan Macpherson | |||||||
| |||||||||
Revision 3-20.400 | 2013-10-31 | Rüdiger Landmann | |||||||
| |||||||||
Revision 3-20 | Fri Sep 27 2013 | Dan Macpherson | |||||||
| |||||||||
Revision 3-19 | Wed Sep 11 2013 | Dan Macpherson | |||||||
| |||||||||
Revision 3-18 | Wed Sep 11 2013 | Dan Macpherson | |||||||
| |||||||||
Revision 3-17 | Wed Sep 11 2013 | Dan Macpherson | |||||||
| |||||||||
Revision 3-16 | Tue Sep 10 2013 | Dan Macpherson | |||||||
| |||||||||
Revision 3-15 | Thu Aug 29 2013 | Dan Macpherson | |||||||
| |||||||||
Revision 3-14 | Tues Aug 20 2013 | Megan Lewis | |||||||
| |||||||||
Revision 3-13 | Mon Jul 29 2013 | Dan Macpherson | |||||||
| |||||||||
Revision 3-12 | Sun Jul 28 2013 | Dan Macpherson | |||||||
| |||||||||
Revision 3-11 | Wed Jul 24 2013 | Dan Macpherson | |||||||
| |||||||||
Revision 3-10 | Tue Jul 23 2013 | Dan Macpherson | |||||||
| |||||||||
Revision 3-9 | Fri Jul 12 2013 | Dan Macpherson | |||||||
| |||||||||
Revision 3-8 | Fri Jul 12 2013 | Dan Macpherson | |||||||
| |||||||||
Revision 3-6 | Thu Jul 11 2013 | David O'Brien | |||||||
| |||||||||
Revision 3-5 | Wed Sept 19 2012 | Dan Macpherson | |||||||
| |||||||||
Revision 3-4 | Fri Aug 31 2012 | Athene Chan | |||||||
| |||||||||
Revision 3-3 | Fri Aug 24 2012 | Athene Chan | |||||||
| |||||||||
Revision 3-3 | Fri Aug 24 2012 | Athene Chan | |||||||
| |||||||||
Revision 3-2 | Fri Aug 24 2012 | Athene Chan | |||||||
| |||||||||
Revision 3-1 | Fri Aug 17 2012 | Athene Chan | |||||||
| |||||||||
Revision 3-0 | Thu Aug 9 2012 | Athene Chan | |||||||
| |||||||||
Revision 2-5 | Wed Aug 1 2012 | Athene Chan | |||||||
| |||||||||
Revision 2-0 | Fri Jul 6 2012 | Athene Chan | |||||||
| |||||||||
Revision 1-5 | Mon Aug 15 2011 | Lana Brindley | |||||||
| |||||||||
Revision 1-4 | Mon Jun 20 2011 | Lana Brindley | |||||||
| |||||||||
Revision 1-3 | Mon Jun 20 2011 | Lana Brindley | |||||||
| |||||||||
Revision 1-2 | Wed Jun 15 2011 | Lana Brindley | |||||||
| |||||||||
Revision 1-1 | Fri May 27 2011 | Lana Brindley | |||||||
| |||||||||
Revision 1-0 | Fri May 6, 2011 | Lana Brindley | |||||||
| |||||||||
Revision 0-15 | Thu May 5, 2011 | Lana Brindley | |||||||
| |||||||||
Revision 0-14 | Mon May 2, 2011 | Lana Brindley | |||||||
| |||||||||
Revision 0-13 | Fri Apr 29, 2011 | Lana Brindley | |||||||
| |||||||||
Revision 0-12 | Mon Apr 18, 2011 | Lana Brindley | |||||||
| |||||||||
Revision 0-11 | Mon Apr 18, 2011 | Lana Brindley | |||||||
| |||||||||
Revision 0-10 | Mon Apr 18, 2011 | Lana Brindley | |||||||
| |||||||||
Revision 0-9 | Thu Apr 14, 2011 | Lana Brindley | |||||||
| |||||||||
Revision 0-8 | Wed Apr 13, 2011 | Lana Brindley | |||||||
| |||||||||
Revision 0-7 | Wed Mar 23, 2011 | Lana Brindley | |||||||
| |||||||||
Revision 0-6 | Mon Feb 19, 2011 | Lana Brindley | |||||||
| |||||||||
Revision 0-5 | Fri Feb 18, 2011 | Lana Brindley | |||||||
| |||||||||
Revision 0-4 | Mon Jan 10, 2011 | Lana Brindley | |||||||
| |||||||||
Revision 0-3 | Fri Jan 7, 2011 | Lana Brindley | |||||||
| |||||||||
Revision 0-2 | Wed Jan 5, 2011 | Lana Brindley | |||||||
| |||||||||
Revision 0-1 | Tue Jan 4, 2011 | Lana Brindley | |||||||
| |||||||||
Revision 0-0 | Tue Dec 21, 2010 | Lana Brindley | |||||||
|